EY: taking blockchain into production

Earlier this year GuardTime and EY launched their blockchain marine insurance platform InsurWave with signature client Maersk. The platform uses Corda and is hosted by Microsoft Azure. Last week at the CordaCon conference, the two joint venture partners described what they learned.

James Steiner, GuardTime Director, and Head of Delivery for Insurwave, EY’s Sagar Khandelwal outlined the process from pilot to production.

Set the right tone

It’s important you don’t get stuck when you need to make a decision. So at the very beginning, you need to set the right tone and understanding between all the parties. Make sure everyone is working towards the same vision and direction.

Though it’s worth noting that Insurwave is not a consortium, it’s a joint venture between EY and Guardtime.

Avoid decisions by committee

“There are a lot of products out in the market that are trying to deliver consortium based offerings. And it is a nightmare,” said Khandelwal. There will always be an organization or a person in the room that has a different view of how things should work. The aim is not to mimic how the world works today. You’re trying to design how it is going to work in the future.

Their approach was to avoid getting five organizations in the room with a blank piece of paper and ask where do we think the answer should be. Instead, they would start with how they thought the target stage should work. Then they’d try to figure out any reasons for why that plan is not going to solve their problem. There’s a difference between asking others for a decision versus getting buy-in from other parties.

Have buy-in from senior stakeholders

Sometimes they had to break the rules you would usually use for single client implementations. And for that, you need to have the senior stakeholders behind you.

Khandelwal gave an example. People still have a conventional mindset that a change approval takes four weeks and you need to get infosec and various other department approvals. The issue is when you’re dealing with five or six organizations you would never be able to align all their calendars to implement any change.

He believes if you’re working with multiple organizations, without C-suite buy-in you won’t be able to get infosec approvals to get things into production.

Be prepared to redefine existing IT and business processes

They did not want to digitize the processes the way it works today. Because insurance is a 300-year-old industry and the London market is predominantly paper-based.

That’s on the business side, but the same applies to the IT side. One example was rolling out a new release. Each organization has their own way to do releases. Some only do it on weekends, others insist on weekdays. Insurwave was doing this for six organizations, but imagine doing it for fifty. So the IT release process when working on a distributed project has to be different compared to a single organization release. It needs to be more dynamic.

Bring business users along the journey

A lot of brokers and underwriters are comfortable working with spreadsheets and pdfs. Insurwave was implementing policy changes in smart contracts. So they needed to understand how to charge a client for changes. But some small changes are not charged. For the technical team, the decision appeared to lack strict rules and be a matter of judgment on the day. That would make it hard to codify. “It is very hard to get a 300-year-old industry to move from a paper-based to a blockchain based solution,” said Khandelwal.

They decided to have business focus groups to resolve these sorts of issues. It took them six months to get the underwriters on board to what they were trying to achieve.

Don’t worry if it’s not right the first time

They changed the way they developed the solution at least four times. There are still members of Khandelwal’s team that want perfect written requirements that are all signed off. Khandelwal’s view is that’s possible, but then they’d still be in the design phase next year. Whereas they went live in May. Because it’s all new, they found they had to design a process and run it in production to see whether or not it works.

Bear in mind they were working on Insurwave before the Enterprise version of Corda was released, so they were dealing with an evolving product. Nonetheless, creating networks involving multiple organizations on a blockchain is bleeding edge right now. How do you do monitoring on one node? How do you do monitoring across the entire network? What are the security implications?

All the organizations were on Azure, but each organization had a different perspective on security implications. So it’s important to plan for time to work through these issues.

Khandelwal also admitted that some operational issues have ‘band-aids’ in certain areas because of a lack of available production solutions. For example, disaster recovery, failover, and backups.

Real test of solution is in production environment

Even though they had a substantial test setup with 50 or so nodes, some issues were not apparent at that stage. Only in production could they identify cross-organization problems in data exchange using Azure or blockchain or Corda.

Conclusion

The main messages were there’s a need for leadership, but yet get buy-in from C-suite as well as partners. That could be harder with a consortium. Secondly, because it’s all new, flexibility and agility are a must. It won’t be perfect. And thirdly, you’re only going to understand some of the problems once the project goes into production.